Lux Ex Umbra

Tuesday, December 18, 2018

CSE decryption aid

The History page on CSE's website contains a photo of this intriguing device, described as a poly-alphabetic cipher decryption aid made by an analyst in 1974 using cardboard tubing and graph paper.

The page explains that the device was "created to add another facet to an encryption slide rule," although it leaves us guessing as to what exactly that means.

I don't have an answer to that question, but I do have some thoughts about the object's purpose.

1. The device was used to analyze teleprinter traffic.

Teleprinters are electromechanical or electronic devices for transmitting text by cable or radio. Prior to the Internet, teleprinters were the primary means used to transmit government and corporate communications, sometimes in encrypted form, often en clair. In North America, the best-known teleprinters were those produced by the Teletype Corporation, and as a result the name Teletype was often used to refer to all teleprinters.

Close examination of CSE's decryption aid shows characters specific to teleprinter operation, including C/R (carriage return), L/F (line feed), characters to switch the output between alphabetic characters and numbers or symbols, and a bell symbol that is used not to print, but to ring the signal bell on the teleprinter.

2. The target was not Soviet.

The Soviets were big users of teleprinters, and CSE, which focused primarily on Soviet targets during much of the Cold War, collected and processed a lot of Soviet teleprinter traffic. But Soviet traffic, as will surprise no one, was mostly in Russian, and it used the Cyrillic alphabet.

CSE's device utilizes the English alphabet and thus was almost certainly used for traffic in English or other languages with essentially the same alphabet.

3. The device was used to help the analyst add teleprinter characters to one another.

Teleprinter characters are transmitted as a series of impulses of two different frequencies (or, in cable systems, voltages of opposite polarity) called marks and spaces, using in this case five marks or spaces per character. The letters A and B, for example, are typically encoded as mark-mark-space-space-space and mark-space-space-mark-mark, respectively. You can also think of this coding in terms of binary numbers, where A = 11000 and B = 10011.

Additional characters are used to shift between letters and other meanings (numbers/symbols) for each five-element code. The graphic below shows one version of this system (source).

This coding translates the text into a form suitable for machine transmission, but it doesn't provide any security for the message. Any teleprinter machine can interpret it.

To encrypt the text, typically a separate stream of characters equal in length to the original text is added to it, one character at a time.

These key stream characters are added using the equivalent of non-carrying binary addition, which is to say if you add key character B (10011) to plaintext character A (11000) you get 01011, which is the coding for character G. In this example, the enciphered text character that is sent is G.

To get the plaintext message, the intended recipient, who also possesses the key stream, adds it to the enciphered text again. (In non-carrying binary, addition and subtraction are functionally the same thing.) In the example, B (10011) is added to G (01011), producing 11000, which is the original plaintext character A.

CSE's decryption device appears to have been designed to help the analyst add teleprinter characters in this way.

To use it, you slip the cylinder with the multiple alphabets into the cover with the slot, select the first character you wish to combine from the column on the far left of the cylinder, rotate it so the character appears in the slot, find the location of the second character to be combined on the cover (letters below the slot, symbols above), and read off the character inside the slot (i.e., on the cylinder) directly above or below that second character.

To add A and B, for example, you find the letter A in the left-hand column, look two places to the right (corresponding to the letter B on the cover—this would be easier if the device were assembled), and read off the letter in that position (G).

4. The device was probably used for depth reading.

If CSE somehow obtained the key stream for an encrypted teleprinter message, this device would certainly have helped a cryptanalyst asked to manually decrypt it. Except for very short messages, however, it would probably have been simpler to set up the key stream on one teleprinter tape and the enciphered text on another and run them through a Rockex or similar cipher machine, which would automate the decryption process.

The more likely use of this device, I suspect, was to assist the analyst in depth reading.

Sometimes more than one message is encrypted in whole or in part with the same key stream, usually as a result of error, incompetence, or equipment malfunction. When such messages are found, they are said to be in "depth".

In systems like this, if you combine two encrypted messages that are in depth, an interesting thing happens. Since each of the enciphered texts was already a combination of the key stream and a plaintext, when the two enciphered texts are combined the two identical key streams cancel out, and the resulting text is a combination of just the two plaintexts.

For a cryptologic agency, this is a sitting duck. A cryptanalyst can test words that are likely to be found in one of the plaintexts against the combined text to see if a coherent version of the other plaintext emerges. By working back and forth between the two, it is possible to recover both plaintexts, although often with some unrecoverable or ambiguous parts.

In the days before desktop computers, the CSE device would have been very handy for this process, enabling a cryptanalyst to quickly check guessed characters for one plaintext against the combined text to determine the characters that would appear in the other plaintext if the guess were correct.
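As an added example (not code from the original post, and not anything CSE's device or analysts used), the Python below carries out the non-carrying addition described under point 3 and the depth-reading check described under point 4. The ITA2 letters-shift table follows the bit order of the post (A = 11000, B = 10011); the control-character names, the two sample messages and the key stream are constructed for illustration.

```python
# Added example, not from the original post: the non-carrying addition the
# cardboard decryption aid performs, and why it makes messages "in depth"
# readable. Bit order follows the post (mark = 1, so A = 11000, B = 10011,
# G = 01011); control-character names are labels chosen for this example.
ITA2_LETTERS = {
    "NUL": 0b00000, "E": 0b10000, "LF": 0b01000, "A": 0b11000,
    "SP": 0b00100, "S": 0b10100, "I": 0b01100, "U": 0b11100,
    "CR": 0b00010, "D": 0b10010, "R": 0b01010, "J": 0b11010,
    "N": 0b00110, "F": 0b10110, "C": 0b01110, "K": 0b11110,
    "T": 0b00001, "Z": 0b10001, "L": 0b01001, "W": 0b11001,
    "H": 0b00101, "Y": 0b10101, "P": 0b01101, "Q": 0b11101,
    "O": 0b00011, "B": 0b10011, "G": 0b01011, "FIGS": 0b11011,
    "M": 0b00111, "X": 0b10111, "V": 0b01111, "LTRS": 0b11111,
}
CODE_TO_NAME = {code: name for name, code in ITA2_LETTERS.items()}
TEXT_TO_CODE = {name: code for name, code in ITA2_LETTERS.items() if len(name) == 1}
TEXT_TO_CODE[" "] = ITA2_LETTERS["SP"]


def encode(text):
    """Letters and spaces -> list of 5-bit codes (no figures shift here)."""
    try:
        return [TEXT_TO_CODE[ch] for ch in text.upper()]
    except KeyError as exc:
        raise ValueError("character not in the letters-shift table: %s" % exc)


def decode(codes):
    """5-bit codes -> text; non-printing codes are shown as <NAME>."""
    out = []
    for code in codes:
        name = CODE_TO_NAME[code]
        if name == "SP":
            out.append(" ")
        elif len(name) == 1:
            out.append(name)
        else:
            out.append("<%s>" % name)
    return "".join(out)


def add(a, b):
    """Non-carrying binary addition (XOR), one 5-bit code at a time."""
    if len(a) != len(b):
        raise ValueError("streams must be the same length")
    return [x ^ y for x, y in zip(a, b)]


def add_chars(x, y):
    """The lookup the device performs: add one character to another."""
    return decode(add(encode(x), encode(y)))


def encipher(plaintext, keystream):
    """Add the key stream to the plaintext; returns the codes put on the line."""
    return add(encode(plaintext), encode(keystream))


def decipher(cipher_codes, keystream):
    """Adding the same key stream again cancels it and returns the plaintext."""
    return decode(add(cipher_codes, encode(keystream)))


def combine_in_depth(cipher1, cipher2):
    """Two messages under one key stream: the key cancels, leaving p1 + p2."""
    return add(cipher1, cipher2)


def try_crib(combined, crib, offset):
    """If one plaintext says `crib` at `offset`, this is what the other
    plaintext must say in the same positions."""
    window = combined[offset:offset + len(crib)]
    return decode(add(window, encode(crib)))


def scan_crib(combined, crib):
    """Slide the crib along the combined text; keep offsets where the other
    plaintext would consist only of letters and spaces (a plausible reading)."""
    hits = []
    for offset in range(len(combined) - len(crib) + 1):
        candidate = try_crib(combined, crib, offset)
        if "<" not in candidate:
            hits.append((offset, candidate))
    return hits


if __name__ == "__main__":
    # Constructed sample: two messages mistakenly sent under the same key stream.
    p1 = "MEET AT NOON TOMORROW"
    p2 = "SEND MORE MEN AT ONCE"
    key = "QWERTYUIOPASDFGHJKLZX"  # constructed, not a real key stream
    c1, c2 = encipher(p1, key), encipher(p2, key)
    print("A + B =", add_chars("A", "B"))  # G, as in the post
    print("G + B =", add_chars("G", "B"))  # back to A
    depth = combine_in_depth(c1, c2)
    print("c1 + c2 =", decode(depth))  # the key stream has cancelled out
    for offset, other in scan_crib(depth, "TOMORROW"):
        print("crib TOMORROW at %2d -> other plaintext reads %r" % (offset, other))
```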

5. It may have been used on traffic collected at CSE's experimental collection operation in Montreal.

Canadian intercept stations focused overwhelmingly on Soviet targets at this time, but it is possible that some non-Soviet maritime traffic was being collected in the course of monitoring fishing fleets or other shipping off the coasts. Some of that traffic may have been encrypted and potentially been vulnerable to this cryptanalytic approach, although it's not obvious it would have been worth an analyst's time to recover it.

Another, perhaps more likely, possibility is diplomatic traffic to and from embassies in Ottawa. While many countries would certainly have known better than to permit key reuse, it's likely that some had lower standards of security, and accidents and errors do happen.

A third possibility is the traffic was collected at CSE's experimental collection operation at the Canadian Overseas Telecommunication Corporation (COTC) gateway in Montreal. I wrote about that little-known adventure here.

According to CSE, the device was made in 1974, which fits reasonably well with the COTC operation. Monitoring of teleprinter cable traffic was begun at the site on an experimental basis, to assess the value of the traffic that might be collected there, in or around 1971. The test was evidently a success, as CSE later sought funding to put the program into full operation. In mid-1974, however, the entry into force of the Protection of Privacy Act seems to have put the kibosh on the project.

Earlier in 1974, however, there may well have been an analyst working on ways to exploit this new source of traffic who decided it would be handy to have a quicker way to recover the texts of messages in depth.

The intent of the assessment is "to ensure that as cyber threat actors pursue new ways to use the Internet and connected devices for malicious purposes, Canadians are well informed of the cyber threats facing our country."

"Key Judgements" reported in the document include:

"Cybercrime is the cyber threat most likely to affect Canadians and Canadian businesses in 2019."

"Cyber threat actors — of all sophistication levels — will increase the scale of their activities to steal large amounts of personal and commercial data."

"Canadians are very likely to encounter malicious online influence activity in 2019. In the coming year, we anticipate state-sponsored cyber threat actors will attempt to advance their national strategic objectives by targeting Canadians’ opinions through malicious online influence activity."

"State-sponsored cyber threat actors will continue to conduct cyber espionage against Canadian businesses and critical infrastructure to advance their national strategic objectives."

"It is very unlikely that, absent international hostilities, state-sponsored cyber threat actors would intentionally disrupt Canadian critical infrastructure. However, we also assess that as all manners of critical infrastructure providers connect more devices to the Internet, they become increasingly susceptible to less-sophisticated cyber threat actors, such as cybercriminals."

None of these judgements is likely to astound anyone who has been paying a modicum of attention to this stuff, but at least they confirm that Those-In-The-Know and the rest of us are all pretty much on the same page on these questions.

Aside from a few cases cited as examples, the document provides little information about past cybersecurity incidents.

This was deliberate. In a stakeholders teleconference held on the day of the release, CSE officials told me their intent was for the publication to be a "forward-looking" document rather than a report on past events or a source of statistical data. They did acknowledge that this may mean that future reports run the risk of being significantly repetitious. I guess we'll have to see how much the Key Judgements actually change from year to year.

One bit of new information that does seem to have slipped into this edition is that "In 2017, the Communications Security Establishment alerted partners in the United States to an energy sector [industrial control system] cyber compromise" (see p. 25). This compromise was made public earlier this year, but as far as I can tell this is the first time it has been suggested that CSE played a key role in uncovering it. (Please correct me if I've missed something.)

In addition to the assessment, the Centre also released a companion document on December 6th, An Introduction to the Cyber Threat Environment, intended to provide "baseline knowledge about the cyber threat environment, including cyber threat actors and their motivations, sophistication, techniques, tools, and the cyber threat surface".

Tuesday, November 13, 2018

Canadian Centre for Cyber Security to be located at 1625 Vanier Parkway

The new home of the Canadian Centre for Cyber Security (CCCS) will be located in a commercial office building at 1625 Vanier Parkway in Ottawa, ADM of Operations André Boucher revealed in a presentation to the ITAC Cyber Security Technology Summit on October 30th.

The Centre will occupy the top six floors of the currently unoccupied 10-storey building. The building offers space at a rate of $42,500 per floor per month, so it looks like CCCS will pay about $3 million per year for the site.

Assuming 20-25 square metres per employee, the roughly 16,000 square metres of office space on the six floors should be sufficient for pretty much all of the 750 employees the CCCS is currently slated to have.

(For those interested, the image below shows a typical floor plan in the building.)

It is likely, however, that some employees will remain in CSE's Edward Drake building, where specialized labs and higher-security premises already exist. According to Boucher, the Centre's data holdings will remain housed at the CSE campus and/or in the public cloud.

In addition, as the CSE Commissioner reported in 2017, some IT Security personnel currently work face to face with SIGINT personnel in shared workspaces ("When analyzing cyber threat activities, the SIGINT and IT Security branches share tools and workspaces"). It seems unlikely that these common workspaces will end up in the CCCS's lower-security facility.

In September, CCCS Head Scott Jones testified that the Centre was hoping to occupy the same building as the new RCMP National Cybercrime Coordination Unit "so that we can be co-located." Thus, depending on its ultimate size, that unit might also occupy one or two floors in the building. The RCMP's existing cybercrime unit is housed in the force's National Division, which is headquartered at 155 McArthur Avenue, just one door down from 1625 Vanier Parkway. One way or another, therefore, it seems clear that the two organizations will indeed end up as neighbours.

It is not clear whether the other floors of 1625 Vanier Parkway will be occupied at all for the time being. The building has stood vacant—apparently in hopes of acquiring a major government tenant—since its construction was completed in 2015, and its owners may well be willing to wait a few more years to finish leasing it. That would probably be wise, as chances are good that the CCCS has not finished growing and may well be in search of additional space in future years. Alternatively, there is probably more than one Ottawa cybersecurity firm that would be pleased to lease spaces in the same building as CCCS.

Meanwhile, the departure of some 500 CCCS staffers from the Edward Drake building would seem to leave a substantial hole in the occupancy of that nearly brand-new facility.

This will not be a problem, however, as CSE's ongoing expansion was already starting to exceed the limits of the building. With continued growth of the SIGINT side of the organization already on the agenda, it is likely that the impending exile of the IT Security side is coming at just the right time.

Indeed, although the argument that the CCCS needs its own, more publicly accessible facility is reasonably convincing on its own, space considerations may well have been the decisive factor. As in 1956 when CBNRC outgrew the Rideau Annex and 1980 when CSE outgrew the Sir Leonard Tilley building, when the space runs out, it's always the IT Security side that gets the boot.

It takes a bit of digging through the documents to get an idea of where the changes took place, but this is roughly how it breaks down:

$624,893,953 (Main Estimates)

+ $1,923,668 (additional funding for Long-Term Accommodation Project)

- $442,771 (transfer to DFATD for liaison offices)

+ $6,941,780 (compensation adjustments)

+ $20,668,322 (operating budget carry-forward)

+ $35,703,582 (establishment of Canadian Centre for Cyber Security)

-----------------

= $689,688,534

—which for reasons entirely opaque to me is actually $6,785,441 larger than the overall $682,903,093 figure reported in the Supplementary Estimates (A). Perhaps the compensation adjustment figure isn't included in the total for some reason, although that would still leave a discrepancy of over one hundred thousand dollars. I probably missed something somewhere.

In any case, the big additions are the $20.7 million carry-forward from last year's budget and the $35.7 million added for the launch of the Canadian Centre for Cyber Security.

I'm a bit surprised we didn't see any transfer of funds from the Department of Public Safety and Shared Services Canada accompanying the transfer of personnel and duties from those departments to CSE. Maybe that will come later.

Recent CSE testimony suggests the agency now has roughly 2500 people, up from 2300, which if accurate is presumably primarily a result of these transfers.

The new figure makes CSE's budget about 4.1 times as large (after inflation) as it was prior to 9/11.

[I've updated the figures above a couple of times in the hour since first making this post, but I still can't make them add up.]

Tuesday, October 02, 2018

Canadian Centre for Cyber Security launched

The Centre, which I blogged about earlier here, was created by amalgamating Public Safety Canada's Canadian Cyber Incident Response Centre (CCIRC) and Get Cyber Safe public awareness program, elements of the Shared Services Canada Security Operations Centre, and the entire IT Security branch of CSE. The CCCS will remain a component of CSE, but it will have its own head (former Deputy Chief IT Security Scott Jones), its own public identity, and, as of 2019, its own headquarters building in the National Capital Region.

[W]e're making sure that we have a facility where people can come in and work. If you come and visit CSE now, we take all of your technology away because you're entering a top secret building. The cyber centre will not be that way. The physical facility for this will be a place where people can come and collaborate and, frankly, bring their stuff so we can see how it works and we can work together on things.

Jones anticipates that the RCMP's new National Cybercrime Coordination Unit, although not a part of the CCCS, will be co-located in the same building.

Thursday, July 19, 2018

OCSEC-2018 report released

To sum it up in a sentence, CSE didn't do anything egregiously wrong in the last year, at least as far as OCSEC is concerned. So, good news there.

Of course, as a result it's pretty much a certainty that this report will soon join its predecessors lost in the depths of obscurity. That's a shame, because as always, there's some information worth salvaging from it.

Unlike the 2016-17 report, which I only got around to revisiting in the past two months, I'll try to explore this one over the next few days and weeks.

Monday, July 09, 2018

OCSEC-2017, part II: The circumstances are always exceptional

Welcome to stage two of our expedition to the wreck of the OCSEC 2016-2017 annual report, as we return to the site of the report's disappearance to see what else of interest may be down there. (See stage one here.)

Ooh, here's a neat little artefact! CSE has been spying on citizens or other residents of its Five Eyes allies.

For decades there has been a persistent rumour among the more conspiracy-minded of spy agency watchers that the Five Eyes agencies evade the legal limits placed on spying on their own citizens and within their own borders by getting their partner agencies to do this spying for them. And for just as long, those agencies have been dismissing that claim as a load of paranoid nonsense. Which, to be fair, it mostly is.

Twenty years ago the first CSE Commissioner addressed this concern in his 1997-98 annual report, assuring his readers that

CSE undertakes explicitly to treat the communications of Second Party nationals in a manner consistent with the procedures issued by the agency of that country, provided such procedures do not contravene the laws of Canada. This is a reciprocal undertaking to ensure that the Second Parties do not target each others’ communications or circumvent their own legislation by targeting communications at each others’ behest.

In more recent years, however, those agencies and their watchdogs have occasionally conceded, grudgingly, that, OK, yes, once in a while the allies do direct their surveillance capabilities at one another, and that in some of those cases the information thus collected is in fact passed on to the ally that was targeted.

For example, in his 2013-14 annual report (page 24) the current CSE Commissioner acknowledged that "each partner is an agency of a sovereign nation that may derogate from the agreements and resolutions, if it is judged necessary for their respective national interests." He went on to reassure his readers (page 25), however, that CSE

policies and procedures state that collection activities are not to be directed at second party nationals located anywhere, or against anyone located in second party territory. Document review, discussions in interviews and written answers suggest that [CSE] conducts its foreign signals intelligence activities in a manner that is consistent with the agreements it has with its second party partners to respect the privacy of the partners’ citizens, and to follow the partners’ policies in this regard.

In the 2015-16 report, a little bit more was revealed about how our Second Party partners don't consider themselves quite as entirely bound by this rule as our own upstanding CSE folks do. As the Commissioner noted (page 16), in "exceptional circumstances, one of CSE’s partners may acquire and report on information about a Canadian or a person in Canada." He then explained (page 17) that these exceptional circumstances were now occurring regularly enough that CSE had established a special mechanism to transfer the material — which probably mostly concerned Canadians involved in extremist-related activities in Syria and elsewhere — from the allied agencies that had collected it onward to CSIS.

CSE policies and procedures state that collection activities are not to be directed at Five Eyes nationals located anywhere, or against anyone located in Five Eyes territory. Nevertheless, it is recognized that each of the Five Eyes partners is an agency of a sovereign nation that may deviate from these agreements if it is deemed necessary for their respective national interests. Accordingly, in such exceptional circumstances it may become necessary for CSE to acquire information involving Five Eyes nationals or a foreigner on Five Eyes territory. [emphasis added]

What followed should probably be described as exceptionally unsurprising. It turns out that circumstances have once again been exceptional and CSE has indeed been targeting Five Eyes nationals and/or territory.

In retrospect, it is tempting to conclude that the Commissioners' 1997-98 and 2013-14 statements were exceptionally disingenuous. But it is also possible that agency practices have been evolving at a rather rapid pace. The 2016-17 report notes (page 18) that "In 2015, CSE updated its policy [with respect to such monitoring] to more effectively respond to operational requirements and emergencies, and formalized certain existing practices."

In any case, if there's a Disingenuity Prize to be awarded, my vote would have to go to John Forster, who as Chief of CSE assured the Senate in November 2012 that "I would no more target an American than they would a Canadian." This masterpiece of Schrödingerian superposition managed to be both exceptionally misleading and completely truthful at the same time. You have to admire the beauty of that, even as you remind yourself never to take a word these guys say at face value.

Still, we work with the information that we can dredge up, so back to the 2016-17 report.

In what was the first direct review undertaken of such targeting, the Commissioner looked at "all CSE-initiated activities involving Five Eyes nationals or a foreigner on Five Eyes territory" during the 20-month period from January 2015 to August 2016, amounting to a total of 11 "cases".

Eleven is a very small number, and while it is always possible that these 11 cases involved significantly more than 11 individuals, it's likely that the overall total was pretty small.

Still, this is not "incidental" collection of information obtained in the course of monitoring non-Five Eyes targets that we're talking about here: this is the deliberate targeting of allied nationals and/or territory, so even if the numbers are small it's potentially an explosive topic.

Given that possibility, before the Toddler in Chief fires up his Twitter account let's quickly note that this is not about the Canadian Deep State spying on Donald J. Trump. As sensible as it might be for the Canadian government to seek whatever advance warning it can get of the latest absurdities percolating in the Oval Office, a) the activities described in this report took place ca. 5 to 25 months before Trump took office, and b) there is not the slightest chance that the CSE Commissioner would have been permitted to reveal them if they involved anything liable to prompt awkward exchanges with the United States or other Five Eyes allies.

The Commissioner chooses his own topics to review and report, but it is the government that decides what information is declassified, so if anything truly embarrassing had been going on, people like me would still be wondering what the Commissioner meant by "certain activities" undertaken by CSE, not discussing the details of the targeting of Five Eyes partners. It is a safe bet that the U.S. and the other Five Eyes allies were well aware of the activities reported in this document.

Extremist Travellers phone home?

So what are we looking at here? Almost certainly not the Five Eyes partners spying on each other's political leaders or trade negotiators. In fact, for once the CSE Commissioner gives us a pretty clear indication (page 16): whereas last year's review examined the procedures used when CSE's partners "acquire and report information about Canadians located outside of Canada, for example, because they are known to be engaging in or supporting terrorist activities," this year's review looks at "the exceptional circumstances where CSE acquired information and reported on similar activities involving Five Eyes nationals."

With Canada actively involved in recent years in the battle against ISIS, and with all of the partners keenly interested in the activities of their nationals who have gone abroad to fight for that or other extremist causes and who may be seeking to radicalize others still at home, it seems that there is now tacit agreement among the partners that it's OK to target the nationals of the others when you encounter them in the course of counter-terrorism investigations.

If this is indeed what's going on, it may well be a reasonable exception to make under these specific, limited circumstances. But it should also raise some warning flags.

What is being done with the information collected by and shared among those allies, and perhaps beyond them, remains an issue. It is one thing to kill someone who is clearly part of an enemy armed force in an active theatre of war, even though they may be a citizen of your country. But what if, freed from past pledges not to monitor partner nationals, the U.S. targets a Canadian thought to be radicalizing other Westerners who is hiding out in Libya, where Canada is not at war but U.S. drone strikes are actively killing extremist supporters? Do we have an official position on that? What about the use of such information for arrest and subsequent torture? Presumably it is not the view of the government that it's open season on all Canadian "extremists" — convicted by spy agencies, not by courts — once they are outside our borders.

In 2015, Canada resumed the practice of requesting Five Eyes assistance when Canadians travelling outside Canada are monitored under CSIS warrants, even though this identifies those Canadians to our partners, who may then choose to do their own monitoring of those individuals for their own purposes, be they intelligence collection, rendition, or death. The Commissioner made a nod toward these concerns on page 18 of his report:

While not directly related to this review, the Commissioner again encouraged the Minister to address an outstanding July 2013 recommendation to issue a new ministerial directive to provide general direction to CSE on its foreign signals intelligence information-sharing activities with its Five Eyes partners.... The office was informed that a new ministerial directive is being developed that will explicitly acknowledge the risks associated with this type of sharing, given that CSE cannot, for reasons of sovereignty, demand that its Five Eyes partners account for any use of such information.

Another red flag concerns the possibility that the purposes of such monitoring may expand. Protecting against terrorism may be a reasonable and limited reason for bending the rules against monitoring each other's nationals, but how about preventing the proliferation of weapons of mass destruction? That's pretty important. How about stopping child sexual exploitation? Or disrupting the deadly fentanyl trade? Where do you stop?

Counter-intelligence? Tax evasion? Illegal downloading?

Disloyalty to the President?

To be clear, we are a long, long way from a panoptical world where surveillance laws no longer matter because the other Five Eyes agencies are spying on everybody for us. We are not even remotely close to that world, and we probably never will be. We have many safeguards against it.

But you can see it from here, far away down there at the bottom of the slope we now seem to have stepped upon. Our footing seems pretty secure way up here, but we should probably tread carefully.